Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)

• Previous message: Nicolas Villatte: "RE : [Full-Disclosure] DCOM RPC exploit (dcom.c)"
• In reply to: Paul Schmehl: "Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)"
• Next in thread: Jason: "Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)"
• Maybe reply: Jennifer Bradley: "Re: Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)"
• Maybe reply: Jennifer Bradley: "Re: Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)"
• Maybe reply: Jennifer Bradley: "Re: Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Paul Schmehl <pauls@utdallas.edu>
Date: Mon, 28 Jul 2003 00:57:29 -0500 (CDT)

        [SNIP]

> >
> > "Ron, you are just as clueless as you were when Slammer hit."
> >
> > Way to add value there, Bravo!
> >
> It's at least as valuable as your rant about no excuses. Ron comes from
> the same place you do and refuses to see the other side of the issue,
> much like you. No point in rehashing it with him.
>

<chuckle> no, now let's be fair, I think mine has altered some. Slammer
time around I pushed the "why wasn't it already patched" point. Then it
was pointed out in a few other lists how many backflips and side to side
installs could reinstall a vulnerable set of code making knowing how to
get patches installed and when to reinstall, let alone keep track of the
mess was so overwhelming for these folks, that now I just say, "mitigate
as much as possible at the gateways and servers", at the least, to give
these guys time to sort out the mess of patching and repatching they are
stuck with.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Nicolas Villatte: "RE : [Full-Disclosure] DCOM RPC exploit (dcom.c)"
• In reply to: Paul Schmehl: "Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)"
• Next in thread: Jason: "Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)"
• Maybe reply: Jennifer Bradley: "Re: Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)"
• Maybe reply: Jennifer Bradley: "Re: Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)"
• Maybe reply: Jennifer Bradley: "Re: Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]